nginx
Setup nginx webserver. Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. The nginx project started with a strong focus on high concurrency, high performance and low memory usage.
- Default Variables
- nginx_access_log
- nginx_client_body_buffer_size
- nginx_client_body_timeout
- nginx_client_header_buffer_size
- nginx_client_header_timeout
- nginx_client_max_body_size
- nginx_csp_enabled
- nginx_csp_options
- nginx_error_location
- nginx_error_log
- nginx_error_page
- nginx_group
- nginx_gzip_comp_level
- nginx_gzip_enabled
- nginx_gzip_min_length
- nginx_gzip_proxied
- nginx_gzip_types
- nginx_hsts_options
- nginx_keepalive_timeout
- nginx_maps
- nginx_maps_extra
- nginx_official_repo_enabled
- nginx_reset_timedout_connection
- nginx_rp_enabled
- nginx_rp_option
- nginx_send_timeout
- nginx_server_names_hash_bucket_size
- nginx_tls_certificates
- nginx_tls_certificates_extra
- nginx_tls_ciphers
- nginx_tls_dhparam_file
- nginx_tls_dhparam_size
- nginx_tls_ecdh_curve
- nginx_tls_enabled
- nginx_tls_hsts_enabled
- nginx_tls_ocsp_enabled
- nginx_tls_ocsp_trusted_certificate
- nginx_tls_versions
- nginx_user
- nginx_vhosts_default
- nginx_vhosts_dir
- nginx_vhosts_extra
- nginx_worker_connections
- nginx_worker_processes
- nginx_xcto_enabled
- nginx_xfo_enabled
- nginx_xfo_policy
- nginx_xxxsp_enabled
- nginx_xxxsp_parameters
- Discovered Tags
- Dependencies
nginx_access_log:
enabled: true
file: /var/log/nginx/access.log
format: main
nginx_client_body_buffer_size: 10k
nginx_client_body_timeout: 60
nginx_client_header_buffer_size: 1k
nginx_client_header_timeout: 60
nginx_client_max_body_size: 8m
nginx_csp_enabled: false
nginx_csp_options:
- directive: frame-ancestors
parameters:
- https://example.com
- https://mypage.com
Default error location. If set, the defined location will be automatically added once to every server block to handle custom error sites.
nginx_error_location: []
nginx_error_location:
- match: /
root: /var/www/vhosts/default
index: index.html
custom_options:
nginx_error_log:
enabled: true
file: /var/log/nginx/error.log
level: error
nginx_error_page: []
nginx_group: nginx
nginx_gzip_comp_level: 2
nginx_gzip_enabled: true
nginx_gzip_min_length: 1000
nginx_gzip_proxied:
- expired
- no-cache
- no-store
- private
- auth
nginx_gzip_types:
- text/plain
- application/x-javascript
- text/xml
- text/css
- application/xml
nginx_hsts_options:
- max-age=63072000
- includeSubDomains
- preload
nginx_keepalive_timeout: 65
nginx_maps: []
nginx_maps:
- input: $input
output: $output
parameters:
- "default 0"
- "/old/path /new_path"
nginx_maps_extra: []
nginx_official_repo_enabled: true
nginx_reset_timedout_connection: true
nginx_rp_enabled: true
nginx_rp_option: strict-origin
nginx_send_timeout: 60
nginx_server_names_hash_bucket_size: 32
nginx_tls_certificates: []
nginx_tls_certificates:
- source: "{{ ansible_user_dir }}/files/mycert.pem"
dest: /etc/pki/tls/certs/mycert.pem
mode: 0644
- source: "{{ ansible_user_dir }}/files/mykey.pem"
dest: /etc/pki/tls/private/mykey.pem
mode: 0600
nginx_tls_certificates_extra: []
nginx_tls_ciphers:
- ECDHE-RSA-AES256-GCM-SHA512
- DHE-RSA-AES256-GCM-SHA512
- ECDHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384
nginx_tls_dhparam_file: _unset_
nginx_tls_dhparam_size: 2048
nginx_tls_ecdh_curve: _unset_
nginx_tls_enabled: false
nginx_tls_hsts_enabled: false
nginx_tls_ocsp_enabled: false
nginx_tls_ocsp_trusted_certificate: _unset_
nginx_tls_versions:
- TLSv1.2
nginx_user: nginx
nginx_vhosts_default:
- file: default
servers:
- port: 80
server_name: '{{ ansible_fqdn }}'
locations:
- match: /
root: /var/www/vhosts/default
index: index.html
- match: /50x.html
root: /usr/share/nginx/html
custom_options:
- error_page 500 502 503 504 /50x.html
nginx_vhosts_default:
- file: default
upstreams:
- name: my_pool
servers: []
servers:
- port: 80
server_name: demo.example.com
tls_redirect: False # skips locations if enabled
tls_redirect_url:
tls:
cert: /etc/pki/tls/certs/mycert.pem
key: /etc/pki/tls/private/mykey.pem
dhparam:
client_max_body_size:
send_timeout:
add_headers:
- name:
value:
always: True
locations:
- match: /
root: /var/www/vhosts/default
index: index.html
add_headers: []
proxy_pass:
proxy_pass_request_body:
proxy_next_upstream:
proxy_redirect:
proxy_http_version: "1.1"
proxy_buffering: "off"
proxy_connect_timeout: 3600s
proxy_read_timeout: 3600s
proxy_send_timeout: 3600s
proxy_set_headers: []
proxy_hide_headers: []
proxy_ignore_headers: []
proxy_intercept_errors: "off"
proxy_cache_bypass:
proxy_no_cache:
proxy_buffers:
custom_options:
custom_options:
- 'deny: all'
nginx_vhosts_dir: /var/www/vhosts
nginx_vhosts_extra: []
nginx_worker_connections: 1024
nginx_worker_processes: 1
nginx_xcto_enabled: true
nginx_xfo_enabled: true
nginx_xfo_policy: deny
nginx_xxxsp_enabled: true
nginx_xxxsp_parameters:
- 1
- mode=block
- tls_renewal
None.